Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Discovery and Connection Event Series 2 Data Blocks
Security Intelligence Category Data Block 5.1+
The eStreamer service uses the Security Intelligence Category data block in access control rule metadata
messages to stream Security Intelligence information. The Security Intelligence Category data block has
a block type of 22 in the series 2 group of blocks.
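The following graphic shows the structure of the Security Intelligence Category data block:

                 Byte 0        Byte 1        Byte 2        Byte 3
                 Bits 0-7      Bits 8-15     Bits 16-23    Bits 24-31
                +-------------------------------------------------------+
                | Security Intelligence Category Block Type (22)        |
                +-------------------------------------------------------+
                | Security Intelligence Category Block Length           |
                +-------------------------------------------------------+
                | Security Intelligence List ID                         |
                +-------------------------------------------------------+
AC Policy UUID  | Access Control Policy UUID                            |
                +-------------------------------------------------------+
                | Access Control Policy UUID, continued                 |
                +-------------------------------------------------------+
                | Access Control Policy UUID, continued                 |
                +-------------------------------------------------------+
                | Access Control Policy UUID, continued                 |
                +-------------------------------------------------------+
Rule Name       | String Block Type (0)                                 |
                +-------------------------------------------------------+
                | String Block Length                                   |
                +-------------------------------------------------------+
                | Security Intelligence List Name...                    |
                +-------------------------------------------------------+

The following table describes the fields in the Security Intelligence Category data block.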
Table 4-90 Security Intelligence Category Data Block fields

Field | Data Type | Description
--- | --- | ---
Security Intelligence Category Block Type | uint32 | Initiates a Security Intelligence Category data block. This value is always 22.
Security Intelligence Category Block Length | uint32 | Total number of bytes in the Security Intelligence Category block, including eight bytes for the Security Intelligence Category block type and length fields, plus the number of bytes of data that follows.
Security Intelligence List ID | uint32 | The ID of the IP blacklist or whitelist triggered by the connection.
Access Control Policy UUID | uint8[16] | The UUID of the access control policy configured for Security Intelligence.
String Block Type | uint32 | Initiates a String data block containing the descriptive name associated with the access control rule reason. This value is always 0.
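
An added example, not part of the Cisco guide: a Python parser for the block laid out above that checks every wire-supplied length against the received buffer before slicing, so a malformed or truncated message is rejected rather than misread. It assumes network byte order, that String Block Length counts its own eight header bytes in the same way the category block length does, and that the list name is UTF-8; build_sample and BlockError are hypothetical helper names, and the sample bytes are constructed.

```python
import struct
import uuid

SI_CATEGORY_BLOCK_TYPE = 22      # series 2 block type, from the table above
STRING_BLOCK_TYPE = 0            # String data block type, from the table above
FIXED_LEN = 4 + 4 + 4 + 16       # block type, block length, list ID, policy UUID
HDR_LEN = 8                      # type + length header of a data block

class BlockError(ValueError):
    """Raised when a block violates the documented layout."""

def parse_si_category_block(buf: bytes) -> dict:
    if len(buf) < FIXED_LEN + HDR_LEN:
        raise BlockError("buffer too short for fixed fields and string header")
    # Assumption: fields are in network byte order (big-endian).
    btype, blen, list_id = struct.unpack_from(">III", buf, 0)
    if btype != SI_CATEGORY_BLOCK_TYPE:
        raise BlockError(f"unexpected block type {btype}")
    # The declared length comes from the wire: bound it by what was received.
    if blen < FIXED_LEN + HDR_LEN or blen > len(buf):
        raise BlockError(f"block length {blen} inconsistent with {len(buf)} bytes")
    policy = uuid.UUID(bytes=buf[12:FIXED_LEN])
    stype, slen = struct.unpack_from(">II", buf, FIXED_LEN)
    if stype != STRING_BLOCK_TYPE:
        raise BlockError(f"unexpected string block type {stype}")
    # Assumption: String Block Length counts its own 8 header bytes.
    if slen < HDR_LEN or FIXED_LEN + slen > blen:
        raise BlockError(f"string length {slen} overruns block of {blen} bytes")
    raw = buf[FIXED_LEN + HDR_LEN:FIXED_LEN + slen]
    # Assumption: UTF-8 text, possibly NUL-padded.
    name = raw.rstrip(b"\x00").decode("utf-8", errors="replace")
    return {"block_length": blen, "list_id": list_id,
            "policy_uuid": policy, "list_name": name}

def build_sample(list_id: int, policy: uuid.UUID, name: str) -> bytes:
    """Constructed test input following the layout above (not captured data)."""
    text = name.encode("utf-8")
    string_block = struct.pack(">II", STRING_BLOCK_TYPE, HDR_LEN + len(text)) + text
    body = struct.pack(">I", list_id) + policy.bytes + string_block
    return struct.pack(">II", SI_CATEGORY_BLOCK_TYPE, HDR_LEN + len(body)) + body

if __name__ == "__main__":
    sample = build_sample(3, uuid.UUID(int=0x1234), "Constructed List")
    print(parse_si_category_block(sample))
```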